0

I want to add two CNAME records to make my Microsoft Exchange DKIM compliant according to Microsoft.com’s instructions.

Is there any possibility that adding the two CNAME records would cause disruptions to people sending emails in Exchange?

CNAME record updates for DKIM are also really slow to be recognized by Microsoft, so I might have to wait 72 hours until the CNAME is recognized by Microsoft for DKIM.

1 Answer

1

The DKIM signatures are checked against DKIM DNS records, but not the other way around. As the selector could be anything, without a signature stating the selector there's no way to even tell whether a domain uses DKIM signatures or not. There's simply no way to know where to look.

That's also exactly why Microsoft requires you to have those CNAME records and performs the checks before they start DKIM signing any mail.

Well, there's one conflicting condition: if you are already using the same selector for DKIM signing with another service provider, adding a CNAME that replaces that selector would possibly interrupt their services, resulting in signatures that couldn't be verified. That's unlikely, but possible.

Esa Jokinen